This is similar to the approach taken in DCE, where a DCE-enabled
application server must acquire its (in this case, secret) key from a
"keytab" file that is protected by the operating system permissions to be
read and write accessible by only the application server itself.
Ultimately, unless you want to use human intervention, you have to rely
on the protection provided by the operating system.

Brian Browne, CISSP





[EMAIL PROTECTED] on 01/20/99 01:10:23 PM

To:   [EMAIL PROTECTED]
cc:   [EMAIL PROTECTED], [EMAIL PROTECTED] (bcc: Brian
      Browne/ISD/SUBCONTRACTOR/CSC)
Subject:  Re: Host keys must have empty passphrase?




[EMAIL PROTECTED] said:
>Ok, maybe I'm missing something, but why would you NOT want to
>password protect your host key? Isn't that something you WOULD
>want to passphrase protect?
The host private key is used by sshd.  There is no way for sshd to 'know'
a password, so it wouldn't be able to start up if it needed to supply a
password to decrypt its private key.  (Of course, the password could be kept
on disk, but then the key already is on disk, so the password wouldn't buy
you anything!).
Whereas, as a human user, you should password-protect your private key to
prevent someone else who gets access to your workstation from using it.
This does imply that it is important for an sshd machine to be kept secure,
so that an unauthorized party can't get access to the sshd (host) private
key.
That's how it is with a daemon that has no 'offline brain' to store secrets
:-)
----------------------------------------------------------------------------
Mike Friedman                             [EMAIL PROTECTED]
Communication & Network Services          +1-510-642-1410
University of California at Berkeley
http://www.net.Berkeley.EDU/~mikef
----------------------------------------------------------------------------
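
An added example, not part of the original thread: a Python check that an unencrypted daemon key file (an sshd host key or a DCE keytab, as discussed above) is protected by operating system permissions alone. The function name `audit_key_file`, the `expected_uid` parameter and the particular checks are assumptions chosen for illustration.

```python
import os
import stat
import sys


def audit_key_file(path, expected_uid=0):
    """Return findings for an unencrypted daemon key file; [] means OK.

    Hypothetical helper: the name, parameters and checks are illustrative.
    """
    try:
        st = os.lstat(path)  # lstat so a symlink at the key path is not followed
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path} is not a regular file"]

    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    # Any group/other bit lets an account other than the daemon's touch the key.
    extra = stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)
    if extra:
        findings.append(f"group/other permission bits set: {oct(extra)}")

    # A writable parent directory lets another user swap the key file out.
    pst = os.stat(os.path.dirname(os.path.abspath(path)))
    if pst.st_uid not in (0, expected_uid):
        findings.append(f"parent directory owned by uid {pst.st_uid}")
    if pst.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("parent directory writable by group/other")
    return findings


if __name__ == "__main__":
    # Usage: python audit_key.py <key-file> [<key-file> ...]
    status = 0
    for key_path in sys.argv[1:]:
        problems = audit_key_file(key_path)
        print(key_path, "OK" if not problems else "; ".join(problems))
        status |= bool(problems)
    sys.exit(status)
```

Pass the uid the daemon runs as in `expected_uid` when the key is not owned by root, for example an application server reading its own keytab.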



